Our commitment to cybersecurity
The digital transformation is in full swing, and cybersecurity paves the way for your institution to participate. As a global market leader for medical imaging and diagnostics, we are committed to helping you stay on track, no matter what challenges and threats you face. We offer a state-of-the-art portfolio of secure products, cybersecurity management services, and consulting that provides you with what you need for optimal protection across your institution. We constantly improve our systems and processes and train our teams in cybersecurity matters, so that high cyberthreat awareness stays top of mind.
Cybersecurity throughout the product lifecycle
Cybersecurity readiness is part of the Siemens Healthineers company culture: we start with secure development and design, we take care of secure deployment, and we help you maintain secure operations continuously.
Medical equipment* from Siemens Healthineers enables you to stay protected. Our products are designed with cybersecurity in mind: they support safe network integration and secure operations around the clock.
Secure Development Lifecycle
Thanks to the Secure Development Lifecycle (SDL), which is at the heart of the Siemens Healthineers approach to cybersecurity, our products* are ready for today’s operational requirements:
- Hardware and software development follow defined state-of-the-art processes
- Product development adheres to Siemens Healthineers standardized requirements and industry best practices
- Processes and requirements are aligned consistently across the Siemens Healthineers product portfolio
*We continue to improve and extend the security measures for our current products. As threats and associated risks are evolving not all statements on this page apply to all products and services. Contact your local Siemens organization for further details.
Built-in security controls
All products currently under development as well as a range of existing offerings have built-in security controls that are essential for modern IT environments:
- Secure configuration and hardening
- Authentication and authorization
- Data encryption
- Trusted machine certificates
- Auditing and logging
We provide the information you need in advance, so there will be no surprises following deployment. Contact your local Sales representative for the following documents:
- Product whitepaper describing all available product security features
- SBOM (Software Bill of Materials)
- General cybersecurity guidance and consultation
- Secure environment configuration recommendation
- Manufacturers Disclosure Statement for Medical Device Security (MDS2)
During deployment, we verify the installation and configure security controls depending on the network and security requirements of your medical facility:
- User management setup for assigning roles to your staff
- Individualized passwords
- Activation of encryption to protect against data theft
- Secured connection to peer systems, e.g., DICOM archive
Cybersecurity Management Services
Because new vulnerabilities are discovered on an ongoing basis, your equipment needs to be monitored, updated, and upgraded in order to stay secure. We offer a suite of services that help you maintain the recommended security level of your Siemens Healthineers equipment.
Vulnerability monitoring and assessment
In line with the U.S. FDA’s post-market guidance and industry best practices, we perform continuous monitoring and assess if known vulnerabilities could be used to exploit equipment and solutions. We also have a formal process in place for handling and disclosing reported security vulnerabilities related to our equipment and solutions.
Transparent overview of security status
We make it as convenient as possible for you to stay protected against threats thanks to teamplay Fleet, our online portal for efficient and simple equipment maintenance, including cybersecurity:
- Teamplay Fleet Cybersecurity Profiles provide information about the security status of your fleet
- Single interface for your Siemens Healthineers medical devices and medical IT solutions
- High levels of transparency regarding the latest vulnerability notifications
- Access to security advisories and mitigation advice
We provide quarterly patches for Siemens Healthineers equipment* and we release additional hotfixes whenever necessary. This allows you to keep up with the evolving threat landscape and stay protected:
- All patches are validated prior to release for patient safety and continuous operations
- With your systems connected to our VPN-encrypted Smart Remote Service (SRS) the patches will be automatically transferred for you to install with just one click
- Alternatively, you can schedule the installation of updates at your convenience through teamplay Fleet Anytime Software Update, especially for equipment* inaccessible through SRS
State-of-the-art system software
Medical equipment can become outdated prior to scheduled replacement. With our Advance Plans, we can help you keep Siemens Healthineers equipment future-proof and cybersecure throughout its lifespan. Choose from a range of service levels to cover your regulatory and financial needs. For products that are not yet eligible for Advance Plans, we offer other service contracts. Please visit our Customer Services website for more information.
Competent incident management
With more than 30 years of experience in IT security, we are well prepared for responding to cyberattacks. Our response to equipment integrity breaches is fast and designed to help limit any potential damage:
- We perform technical evaluation, prioritize breach containment, and share relevant information in an effective and transparent manner
- We conduct forensic analyses to help minimize the risk of future cyberattacks
- We offer support for restoring equipment to a fully functional state
Need support now! Open a Service Ticket in teamplay Fleet
Protecting the privacy of your data is very important to us. To help you comply with laws such as HIPAA in the U.S. and GDPR in Europe, we have aligned our processes with the core principle of “privacy by design and by default.” This means that data protection is incorporated into products, solutions, and services that process personal data beginning in the early design and planning stages.
Certified remote service
Smart Remote Services (SRS) is designed to help you maintain a high level of patient data confidentiality and integrity while upholding the availability of your data at the same time. Certified according to ISO 27001, SRS employs sophisticated authentication and authorization procedures, state-of-the-art encryption technologies and logging routines, and strictly enforced organizational measures. These safeguards allow you to optimally secure patient data and restrict access as needed.
Our cloud-based solutions – including teamplay (which has been awarded the European Privacy Seal (EuroPriSe), AI-Rad Companion, and Digital Ecosystem – are secured by the Microsoft Azure cloud platform to provide you with cutting-edge protections against breaches and malicious attacks. All your information is encrypted, including in-transit from your site and at-rest in our cloud infrastructure. Our solutions also allow you to limit web use and data access based on staff roles to maintain strict control over sensitive information.
We publish security advisories and bulletins on an ongoing basis to notify you about any validated security vulnerabilities pertaining to Siemens Healthineers products. Mitigation may involve applying an update, performing an upgrade, or other actions on your part. Please visit the Siemens Healthineers teamplay Fleet customer online portal for more information.
DCA Vantage Analyzer (vulnerabilities CVE-2020-7590 and CVE-2020-15797).
DCA Vantage Analyzer (vulnerabilities CVE-2020-7590 and CVE-2020-15797). Siemens Healthineers is aware of two vulnerabilities in the DCA Vantage Analyzer, CVE-2020-7590 and CVE-2020-15797. Software version 4.5 is now available to customers to remediate both. The full security advisory can be found here (Siemens Healthineers Security Advisory) or in the
Siemens Healthineers teamplay Fleet customer online portal.
24.06.2020: Ripple20 - Treck TCP/IP stack vulnerabilities
Siemens Healthineers is aware of the TCP/IP stack vulnerabilities named Ripple20 (https://h-isac.org/h-isac-vulnerability-bulletin-ripple20/) disclosed by Treck on June 16 2020.
Our experts are investigating the reports to determine if any Siemens Healthineers products are affected. This statement will be updated as soon as more information becomes available, and we will notify customers through Siemens Healthineers teamplay Fleet customer online portal.
25.02.2020: SweynTooth - vulnerabilities in Bluetooth Low Energy (BLE)
Siemens Healthineers is aware of the vulnerabilities in Bluetooth Low Energy (BLE) known collectively as SweynTooth. Our investigations by security experts have not identified any products affected by these vulnerabilities. We continue to monitor the issue as it develops and will notify customers through Siemens Healthineers teamplay Fleet customer online portal.